The '58 sound

Clearing up after spammers


Today I arrived at work and discovered that someone had been sending unauthorised direct messages (DMs) from my Twitter account. These messages were of the form “This you???? <URL>”, where the URL is a shortened URL which led to a site designed to phish for Twitter password details. I can see these messages by looking at the Sent list of my Direct messages, and it appears that it has been sent to a random selection of over 100 Twitter accounts (some of whom I follow, some I don’t recognise).

Firstly, apologies to everyone who received one of these messages and who was inconvenienced by it.

This is a known scam, and there are recognised steps to take if it happens to you. But it made me realise how awkward it is to clear up the mess an incident like this causes, and the impact of the breach of trust that inevitably occurs when people think that I am sending them malicious or junk messages:

I sent an apologetic tweet as soon as I realised what happened (I thought it better not to use DM to apologise!). But people continued to respond after that. I apologised again 7 hours later to catch those who hadn’t seen the first tweet.

So apologising effectively is really difficult! Twitter is a global community covering all time zones, so people might miss my apology tweet because they were asleep, or away from their PC, or just because it was lost in the crowd. Yet the personal nature of a DM is much more likely to compel someone to act on it (firstly to discover it’s spam, and secondly tell me so).

So what’s the most efficient way of telling everyone “I’ve been hacked. I’m sorry. Please ignore my recent DM”? Should I temporarily change my Twitter profile’s description (which people might not notice)? Or send regular apology tweets (potentially annoying followers who already know)? Or should Twitter provide some additional way of allowing me to alert everyone with information of this nature?

This is of course likely to be a problem for any social networking/communication system that has exploitable security flaws – how we go about cleaning up the damage caused by spammers to human relationships. Thoughts are welcome via the comments facility – and thanks to WordPress’ use of Akismet, uninvited spammers are likely to be kept well away from the conversation.